A huge data leak has hit China, and it might be the biggest one ever. Over 4 billion personal records were found on an open database. These records include financial data, WeChat and Alipay details, home addresses, and even possible chat logs. What is more shocking? The data was not even protected by a password.
The leak was discovered on May 19, 2025, by cybersecurity researcher Bob Dyachenko and the Cybernews team. The database was around 631GB in size and was left completely open on the internet. The exposed data was removed from public access the next day, but by then, it had already made headlines.
The leaked database had several folders with names like “wechatid_db”, “bank”, and “address_db”. These names clearly show what kind of data was inside. One folder had over 805 million WeChat IDs. Another had more than 780 million home addresses. A third had over 630 million bank records, including payment card numbers, names, phone numbers, and birth dates.
There was also a folder that had something called “three-factor checks”. This likely contained ID numbers, phone numbers, and usernames. Another folder called “wechatinfo” had nearly 577 million records, possibly including chat logs or account activity.
Alipay data was also found. One folder had over 300 million records with Alipay card and token details. Another had 20 million records related to Alipay financial data.
Other folders included information on jobs, pension funds, insurance, gambling, and vehicle registrations. One even seemed to have data related to Taiwan.
This is still a mystery. The database had no name, no logo, and no clues about who made it. But collecting this much data is not something an ordinary person can do. Experts believe this was either a government database or the work of a group collecting data for surveillance or profiling.
The way the data was arranged and stored shows that it was not random. It looked well-organized and planned. That is why many believe this could have been part of a bigger system, maybe even for tracking or monitoring people.
This leak is dangerous because it gives attackers everything they need to commit fraud. They can use this data for phishing scams, identity theft, blackmail, or even targeted disinformation. Imagine someone knowing your address, your bank info, and your chat history.
And what can affected users do? Sadly, nothing. There is no way to know if your data was in the leak. There is no one to contact. No company has taken responsibility. And since the leak came from an unknown source, no one is sending alerts or warnings.
China has seen data leaks before. In the past, records from platforms like Weibo, DiDi, and the Shanghai Communist Party were exposed. But this time, the scale is much bigger, more than 4 billion records.
This might be the largest leak of Chinese personal data ever reported.
This data leak is a wake-up call. It shows how dangerous it is to store huge amounts of personal information without proper security. Whether this was a government system or something built by hackers, the result is the same — millions of people are now at risk.
And the scariest part? We may never know who was behind it.
